Russian Cyber Attack Threat to Global Banking System

FS_Russian_Hackers_2.jpg

A security firm is warning that a group of Russian hackers known for targeting military, government and media organizations is now preparing to attack banks in the US and elsewhere.

The group's preparations have included new malware and registering domain names that are similar to those of the intended targets and were recently discovered by some analysts from the security firm Root9B.
The group has been active since at least 2007 and is known by various names including APT28 and Pawn Storm. Several security vendors believe it operates out of Russia and has possible ties to that country's intelligence agencies.
The group's primary malware tool is a backdoor program called Sednit or Sofacy that it delivers to victims through spear-phishing emails or drive-by downloads launched from compromised websites.
The Root9B analysts came across a phishing domain at the end of April that was similar to that of a Middle Eastern financial institution, according to a report published recently. When they dug deeper they uncovered new Sofacy malware samples and servers and domains that were being set up by the group for an upcoming operation.
The company has alerted the financial institutions, as well as international and US authorities. It's not clear if the attacks have started yet, but the Root9B analysts believe that when they do, they will likely include spear-phishing.
The company released hashes for the new malware samples it has identified and the IP address of a command-and-control server set up by the attackers, so that companies can block them on their networks.

Based on the evidence they've seen, the Root9B analysts believe that there might be two subgroups within APT28: One that targets military and government organizations and one that targets financial institutions and banks. Of course, the attackers might now decide to delay the operation in order to change their infrastructure and targets. So, financial institutions should remain vigilant and should examine all email messages for possible spear-phishing attempts.


Computerworld

 

« Google Says Self-Driving Cars Drive Better Than You
Fast Growing Companies Use CIOs Technology Strategy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

Tiro Security

Tiro Security

Tiro Security is a boutique company specializing in information security and IT audit recruitment and solutions.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

Rentalworks

Rentalworks

Rentalworks is a leading provider of Internet-of-Things (IoT) Asset Lifecycle Management Services including secure data erasure and disposal.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

National Security Services Group (NSSG) - Oman

National Security Services Group (NSSG) - Oman

National Security Services Group (NSSG) is Oman's leading and only proprietary Cybersecurity consultancy firm and Managed Security Services Provider.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

Ciphertex Data Security

Ciphertex Data Security

Ciphertex is a leading data security company that specializes in portable data encryption and privacy protection storage systems.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.